Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
EASM mistakes waiting to happen
Search
JR0ch17
January 25, 2022
Technology
56
0
Share
EASM mistakes waiting to happen
JR0ch17
January 25, 2022
More Decks by JR0ch17
See All by JR0ch17
Traversing my way in the internal network
jr0ch17
0
180
Getting Started in Bug Bounty
jr0ch17
0
160
Getting Blindly Lucky
jr0ch17
0
100
Qu'est-ce que le bug bounty?
jr0ch17
0
150
Finding 5 bugs in a single parameter
jr0ch17
0
110
Beyond the Borders of Scope
jr0ch17
1
93
Bad API, hAPI Hackers!
jr0ch17
0
1.6k
Other Decks in Technology
See All in Technology
20260326_AIDD事例紹介_ULSC.pdf
findy_eventslides
0
340
ThetaOS - A Mythical Machine comes Alive
aslander
0
230
SSoT(Single Source of Truth)で「壊して再生」する設計
kawauso
2
410
JEDAI認定プログラム JEDAI Order 2026 受賞者一覧 / JEDAI Order 2026 Winners
databricksjapan
0
480
契約書からの情報抽出を行うLLMのスループットを、バッチ処理を用いて最大40%改善した話
sansantech
PRO
3
340
スクラムを支える内部品質の話
iij_pr
0
170
Network Firewall Proxyで 自前プロキシを消し去ることができるのか
gusandayo
0
160
The essence of decision-making lies in primary data
kaminashi
0
220
CREがSLOを握ると 何が変わるのか
nekomaho
0
370
「活動」は激変する。「ベース」は変わらない ~ 4つの軸で捉える_AI時代ソフトウェア開発マネジメント
sentokun
0
140
不確実性と戦いながら見積もりを作成するプロセス/mitsumori-process
hirodragon112
1
170
Move Fast and Break Things: 10 in 20
ramimac
0
110
Featured
See All Featured
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
287
14k
Marketing Yourself as an Engineer | Alaka | Gurzu
gurzu
0
170
YesSQL, Process and Tooling at Scale
rocio
174
15k
Fashionably flexible responsive web design (full day workshop)
malarkey
408
66k
4 Signs Your Business is Dying
shpigford
187
22k
Bootstrapping a Software Product
garrettdimon
PRO
307
120k
Lightning Talk: Beautiful Slides for Beginners
inesmontani
PRO
1
500
Fireside Chat
paigeccino
42
3.9k
Paper Plane (Part 1)
katiecoart
PRO
0
6.3k
Exploring anti-patterns in Rails
aemeredith
3
300
Optimising Largest Contentful Paint
csswizardry
37
3.6k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
162
16k
Transcript
EASM mistakes waiting to happen
GET /whoami HTTP/2 Jasmin Landry JR0ch17 Lead, IT & Security
at Montreal Canadiens fan
GET /agenda HTTP/2 EASM Common mistakes Hacker perspective
GET /EASM HTTP/2 What exactly is EASM? What does it
cover? Why is it important?
GET /common_mistakes HTTP/2 Lack of Change Management Not respecting Least
Privilege Misconfigured WAFs Cloud misconfigs (S3 buckets)
GET /hacker_perspective HTTP/2 • Subdomains • IPs • TLS certificates
• Third-party apps Recon EVERYTHING • Monitor for new assets • Monitor any change Continuous Monitoring
GET /thanks HTTP/2 Thank you for listening Questions? More questions?
DMs are open on and
jr0ch17
findy_eventslides
aslander
kawauso
databricksjapan
sansantech
iij_pr
gusandayo
kaminashi
nekomaho
sentokun
hirodragon112
ramimac
stephaniewalter
gurzu
rocio
malarkey
shpigford
garrettdimon
inesmontani
paigeccino
katiecoart
aemeredith
csswizardry
sstephenson
